poky/meta/recipes-support/curl/curl/CVE-2022-32221.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

From a64e3e59938abd7d667e4470a18072a24d7e9de9 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 15 Sep 2022 09:22:45 +0200
Subject: [PATCH] setopt: when POST is set, reset the 'upload' field

Reported-by: RobBotic1 on github
Fixes #9507
Closes #9511

CVE: CVE-2022-32221
Upstream-Status: Backport [https://github.com/curl/curl/commit/a64e3e59938abd7d667e4470a18072a24d7e9de9]
Signed-off-by: Bhabu Bindu <bhabu.bindu@kpit.com>
---
 lib/setopt.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/setopt.c b/lib/setopt.c
index 03c4efdbf1e58..7289a4e78bdd0 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -700,6 +700,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param)
     }
     else
       data->set.method = HTTPREQ_GET;
+    data->set.upload = FALSE;
     break;
 
   case CURLOPT_HTTPPOST: